<?php
require_once("inc.member.php");

$this_title="$vars[member_title] &raquo; ".__("Profile");
$page_title=__("Profile");
$content_title=__("Profile");
//tab
$css="<link rel='stylesheet' type='text/css' href='".CSS_URL."/tab/tab".(USER_BROWSER=='msie'? "-ie" : "").".css' />\n";
$tab=
"<ul class='tabs-nav' id='_tab'>
  <li class='tabs-".(!$get_s["p"]? "" : "un")."selected'><a href='".$vars["file"]["member"]["profile"]."' name='tab' rel='info'><span>".__("Profile")."</span></a></li>
  <li class='tabs-".($get_s["p"]=='1'? "" : "un")."selected'><a href='".$vars["file"]["member"]["profile"]."?p=1' name='tab' rel='pass'><span>".__("Password")."</span></a></li>
  <li class='tabs-".($get_s["p"]=='2'? "" : "un")."selected'><a href='".$vars["file"]["member"]["profile"]."?p=2' name='tab' rel='ewallet'><span>".__("AuthCode")."</span></a></li>
</ul>
<div class='tabs-panel' style='width:97%;'><%tab_content%></div>";

$td_width=180;

//#####CHANGE PASSWORD POST#####
if($_POST["__req"] && ($_GET["p"]=='1' || $_GET["p"]=='2' || $_GET["p"]=='3')){
 if($post_s['__req']=='1' || $post_s['__req']=='2' || $post_s['__req']=='3'){//password
  $errmsg=verify_form_data("users", $post_s);
  if(!$errmsg){
   if(!strlen($post_s["old_password"])){
    $errmsg.=replace_tag(__("'<%field%>' is a required field."), array("<%field%>"=>__("Existing Password")))."<br />\n";
   }else{	
   		if($post_s['__req']=='1')
    		$enc_pass=explode(":", $r_user["enc_password"]);    
    	elseif($post_s['__req']=='2')
    	   	$enc_pass=explode(":", $r_user["ewallet_enc_password"]);    
			
    	$salt=$enc_pass[1];
    	if(md5($post_s["old_password"].$salt)!=$enc_pass[0]){
     		$errmsg.=__("You have entered an invalid Existing Password.")."<br />\n";
    	}
   }
   if(!is_alphanum($post_s["_password"])){
    $errmsg.=replace_tag(__("'<%field%>' must be a combination of numbers and alphabets."), array("<%field%>"=>__("Password")))."<br />\n";
   }elseif(!$post_s["password2"]){
    $errmsg.=replace_tag(__("'<%field%>' is a required field."), array("<%field%>"=>__("Confirm Password")))."<br />\n";
   }elseif($post_s["password2"]!=$post_s["_password"]){
    $errmsg.=__("Your entered passwords did not match.")."<br />\n";
   }
  } }else{//security password
  $errmsg=verify_form_data("users", $post_s);
  if(!$errmsg){
   if(!strlen($post_s["old_sec_password"])){
    $errmsg.=replace_tag(__("'<%field%>' is a required field."), array("<%field%>"=>__("Existing Security Password")))."<br />\n";
   }else{
    $enc_pass=explode(":", $r_user["enc_sec_password"]);
    $salt=$enc_pass[1];
    if(md5($post_s["old_sec_password"].$salt)!=$enc_pass[0]){
     $errmsg.=__("You have entered an invalid Existing Security Password.")."<br />\n";
    }
   }
   if(!is_alphanum($post_s["_sec_password"])){
    $errmsg.=replace_tag(__("'<%field%>' must be a combination of numbers and alphabets."), array("<%field%>"=>__("Security Password")))."<br />\n";
   }elseif(!$post_s["sec_password2"]){
    $errmsg.=replace_tag(__("'<%field%>' is a required field."), array("<%field%>"=>__("Confirm Security Password")))."<br />\n";
   }elseif($post_s["sec_password2"]!=$post_s["_sec_password"]){
    $errmsg.=__("Your entered security passwords did not match.")."<br />\n";
   }
  }
 }

 //#####UPDATE TO DB#####
 if(!$errmsg){
  $salt=generate_random_code(32);
  if($post_s['__req']=='1'){
   $enc_password=md5($post_s["_password"].$salt).":".$salt;
   $password_q="password='$post_d[_password]', enc_password='$enc_password'";  
  }elseif($post_s['__req']=='2'){   
   $enc_password=md5($post_s["_password"].$salt).":".$salt;   
   $password_q="ewallet_password='$post_d[_password]', ewallet_enc_password='$enc_password'";  
  }else{
   $enc_password=md5($post_s["_sec_password"].$salt).":".$salt;
   $password_q="sec_password='$post_d[_sec_password]', enc_sec_password='$enc_password'";
  }
  $update_pass_q=$r_user["update_pass"]=="y"? ", update_pass=''" : "";
  $sql="update $db->users set $password_q $update_pass_q where id='$uid' limit 1";
  if(!mysql_query($sql)){
   $errmsg.=__("We have encountered some error and the update process has been failed.")."<br />\n".($vars['debug']? "<br />\nSQL: $sql<br />\n<br />\nError: ".mysql_error()."<br />\n" : "");
  }
  if(!$errmsg){	  	if($post_s['__req']=='2'){		  		$msg=__("AuthCode has been edited.")."<br />\n";		  		$ewallet_msg=$msg? format_msg($msg) : "";	  	}else{
	   $msg=__("Password has been edited. You may need to login again.")."<br />\n";		   $ewallet_msg=$msg? format_msg($msg) : "";			}
  }
 }   $ewallet_errmsg=$errmsg? format_err($errmsg) : "";  $p_errmsg=$errmsg? format_err($errmsg) : "";
 $errmsg='';
}

//#####CHANGE DETAIL POST#####
if($_POST["__req"] && !$_GET["p"]){
 /*##### ERROR CHECK #####*/
 $chk_arr="_email,_address,_address2,_city,_zip,_state,_mobileno,_officeno,_faxno,_bank_name,_bank_acc_no,_bank_swiftcode,_bank_branch,_payee_name";
 if($r_user["acc_type"]=="p"){
  $chk_arr.=",_homeno,_occupation";
 }else{
  $chk_arr.=",_person_in_charge";
 }
 $chk_arr=explode(",", $chk_arr);
 foreach($post_s as $f=>$v){
  if(in_array($f, $chk_arr)){
   $data[$f]=$v;
  }
 }
 $errmsg=verify_form_data("users", $data);
 if(!$errmsg){
  if($r_user["acc_type"]=="p"){
   //check dob
   $dob="$post_s[dob_year]-".pad_length($post_s["dob_month"], 2)."-".pad_length($post_s["dob_day"], 2);
   if(!@checkdate($post_s["dob_month"], $post_s["dob_day"], $post_s["dob_year"])){
    $errmsg=__("Invalid date format selected for DOB.")."<br />\n";
   }
  }
  //check password
  if(!strlen($post_s["password"])){
   $errmsg.=__("Please provide your Password.")."<br />\n";
  }else{
   $enc_pass=explode(":", $r_user["enc_password"]);
   $salt=$enc_pass[1];
   if(md5($post_s["password"].$salt)!=$enc_pass[0]){
    $errmsg.=__("You have entered an invalid Password.")."<br />\n";
   }
  }
  //check email
  if(strlen($post_s['_email'])){
	  if(!verify_email($post_s["_email"])){
	   $errmsg.=__("Please provide a valid email address.")."<br />\n";
	  }elseif($post_s['_email'] != $r_user['email'] && email_found($post_d['_email'])){
	   $errmsg.=replace_tag(__("The email address '<%email%>' is already in use, please providee another."), array("<%email%>"=>$post_h['_email']))."<br />\n";
	  }
  }
 }
 //#####END ERROR CHECK#####

 //#####UPDATE TO DB#####
 if(!$errmsg){
  $update_arr=implode(",", $chk_arr);
  //khor 20100602: no need to update country
  //$update_arr.=",dob,country";
  $update_arr.=",dob";
  $post_s['dob']=$post_d['dob']=$dob;
  $update_arr=explode(",", $update_arr);
  foreach($update_arr as $field){
   $db_field=substr($field, 0, 1)=="_"? substr($field, 1) : $field;
   $ufvq.=($ufvq? ", " : "")."$db_field='".$post_d[$field]."'";
  }
  $sql="update $db->users set $ufvq where id='$uid' limit 1";
  if(!mysql_query($sql)){
   $errmsg.=__("We have encountered some error and the update process has been failed.")."<br />\n".($vars['debug']? "<br />\nSQL: $sql<br />\n<br />\nError: ".mysql_error()."<br />\n" : "");
  }
  if(!$errmsg){
   $msg=__("You have successfully updated your account information.")."<br />\n";
  }
 }

 $i_msg=$msg? format_msg($msg) : "";
 $i_errmsg=$errmsg? format_err($errmsg) : "";
 $errmsg=$msg='';
}

//javascript
$jvscript=
"<script type='text/javascript' src='".JS_URL."/get_file_gzip.php?file=".urlencode("jquery.js")."'></script>
<script type='text/javascript'>
jQuery(document).ready(function(j){
 j('a[@name=tab]').click(function(){
  var ptype=j(this).attr('rel');
  j('div#profile_info').css('display', ptype=='info'? 'block' : 'none');
  j('div#profile_pass').css('display', ptype=='pass'? 'block' : 'none');   		  j('div#profile_ewallet_pass').css('display', ptype=='ewallet'? 'block' : 'none');        j('div#profile_epoint_pass').css('display', ptype=='epoint'? 'block' : 'none');
  j('ul#_tab > li').removeClass().addClass('tabs-unselected');
  j(this).parent().removeClass().addClass('tabs-selected');
  return false;
 });
 j('form[@name=profile_pass_form],form[@name=profile_ewallet_pass_form],form[@name=profile_epoint_pass_form],form[@name=profile_info_form]').submit(function(){
  j('input[@name=submit_btn]').attr('disabled','disabled');
 });
});

</script>";

//change password form
$form_fields=array("old_password"=>__("Password"),"_password"=>__("New Password"),"password2"=>__("Confirm New Password"),"_enc_password"=>__("AuthCode"));
foreach($form_fields as $field => $fname){
 $extra_display="";
 if($field=="_password"){
  $pass_dt=explode("#", $vars["dbr"]["users"]["password"]);
 }  
 $form_inputfield[$field]="
 <tr id='input_$field'>
  <td width='$td_width'>".__($fname).__(":")."</td>
  <td><input type='password' name='$field' $inputbox_style /></td>
 </tr>";
}

$profile_pass=($ewallet_errmsg||$ewallet_msg? $ewallet_errmsg.$ewallet_msg : "").
"<h3>".__("Edit Password")."</h3>".($_GET["f"]?
"<p class='bold'>".__("You must update your password to continue since the existing password is a temporary password and this will better protect and secure your account.")."</p>" : "")."
<form name='profile_pass_form' method='post' action='$this_file?p=1'>
<input type='hidden' name='__req' value='1' />
<table class='pbt_table' width='100%'> <tr>  <td width='$td_width'>".__("Member ID").__(":")."</td>  <td width='$td_width'><input type='text' name='_code' class='readonly inputbox' style='width:100%;' value='".$r_user['code']."' readonly='readonly' /></td> </tr> 
 $form_inputfield[old_password]
 $form_inputfield[_password]
 $form_inputfield[password2]
 <tr>
  <td colspan='2' class='center' style='padding:20px 0 20px 0;'>
   <input type='submit' name='submit_btn' value=\"".__("Update")."\" />
  </td>
 </tr>
</table>
</form>";$profile_ewallet_pass=($ewallet_errmsg||$ewallet_msg? $ewallet_errmsg.$ewallet_msg : "")."<h3>".__("Edit AuthCode")."</h3>".($_GET["f"]?"<p class='bold'>".__("You must update your password to continue since the existing password is a temporary password and this will better protect andsecure your account.")."</p>" : "")."<form name='profile_ewallet_pass_form' method='post' action='$this_file?p=2'><input type='hidden' name='__req' value='2' /><table class='pbt_table'>  <tr>  <td width='$td_width'>".__("Member ID").__(":")."</td>  <td width='$td_width'><input type='text' name='_code' class='readonly inputbox' style='width:100%;' value='".$r_user['code']."' readonly='readonly' /></td> </tr>   $form_inputfield[old_password]     $form_inputfield[_password]     $form_inputfield[password2]     <tr>      	<td colspan='2' class='center' style='padding:20px 0 20px 0;'>   <input type='submit' name='submit_btn' value=\"".__("Update")."\" />  </td>    </tr></table></form>"; 
//change info form$form_fields=array("_code"=>$r_user["code"],"_email"=>$r_user["email"],"_cdate"=>$r_user["cdate"]);foreach($form_fields as $field => $default){ $db_fieldname=preg_match('/^_/', $field)? substr($field, 1) : $field; $dis[$field]=!$post_s["__req"] || $get_s["p"]? $default : $post_h[$field];}

//khor 20100602: disable member to change country
//$country_select=build_select($country_code, $country_code_d, $dis["country"], "country", $inputbox_style);
$country_select=build_select($country_code, $country_code_d, $dis["country"], "country", "disabled");
$dob_input=generate_dmy_input("dob", $dis["dob_day"], $dis["dob_month"], $dis["dob_year"], "class='inputbox' width='100' style='width: 100px'");

$display_fields=array("_code","_email","_cdate");
foreach($form_fields as $field => $default){
 if(in_array($field, $display_fields)){
  $db_fieldname=preg_match('/^_/', $field)? substr($field, 1) : $field;
  $dbr=explode("#", $vars["dbr"]["users"][$db_fieldname]);
  $readonly=$textarea=$password=false;
  $add_class="";
  if(in_array($field, array("_code","_email","_cdate"))){
   $readonly=true;
  }
  $extra_display="";
  $readonly_str=$readonly? "readonly='readonly'" : "";
  $add_class=$readonly? "readonly" : "";
  $inputbox_style2=$add_class? preg_replace('/^class=\'/', "class='$add_class ", $inputbox_style) : $inputbox_style;
  $form_inputfield[$db_fieldname]="
  <tr id='input_$db_fieldname'>
   <td width='$td_width'>".__($dbr[4]).__(":").($dbr[3]=='m'? " ".__("*") : "")."</td>
   <td>".($textarea? "<textarea name='$field' rows='6' $inputbox_style2 $readonly_str>".$dis[$field]."</textarea>" : "
   <input type='".($password? "password" : "text")."' name='$field' $inputbox_style2 value=\"".$dis[$field]."\" $readonly_str />")."$extra_display</td>
  </tr>";
 }
}

$profile_info=($i_errmsg || $i_msg? $i_errmsg.$i_msg : "")."
<form name='profile_info_form' method='post' action='$this_file'>
<input type='hidden' name='__req' value='1' />
<h3>".__("Member Details")."</h3>
<table class='pbt_table'>
 $form_inputfield[code] $form_inputfield[email]
 $form_inputfield[cdate]
</table>
</form>";

$profile="<div id='profile_info'".($get_s["p"]? " style='display:none;'" : "").">$profile_info</div><div id='profile_pass'".($get_s["p"]!='1'? " style='display:none;'" : "").">$profile_pass</div><div id='profile_ewallet_pass'".($get_s["p"]!='2'? " style='display:none;'" : "").">$profile_ewallet_pass</div><div id='profile_epoint_pass'".($get_s["p"]!='3'? " style='display:none;'" : "").">$profile_epoint_pass</div>";
$profile=str_replace("<%tab_content%>", $profile, $tab);
$content=$profile;
print format_member_page($content, $this_title, $content_title, $css.$jvscript);
?>